CVE-2014-6212

Published Jan 10, 2015
Last updated 7 years ago
CVSS info 4.0
Overview

Description: The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Source: psirt@us.ibm.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/611.html" target="_blank">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "516752F7-FBA1-4A6B-9BFB-B266024AEBD4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C6D86CF-6DCD-4B23-AA59-77780D9F141E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9AE02CB-CD39-4A88-8F9E-AFCDFBB9025F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9AE268C-C2B0-4FC6-BC81-E1A34F95709E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81CAB980-749B-4573-8C2E-A3C4E1313CC0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69D4F224-F077-4C59-B76E-76A41F829B74"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6F09E04-62B4-4FC6-9A10-9D7ADAF60A10"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E67AA9E6-8E05-4EA6-99ED-51C7F5D11501"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2E5F066-9DB4-4E4C-B253-6C3FA0386849"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E34A7ACD-EF0D-4333-A3A0-8CE4CB132FF7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5820700D-1124-4BF3-ABF5-AD6271D2480C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8BC7A60-CF57-48BA-BDAF-C995E1FFF30F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64CE689B-1C0B-47BF-811F-9B72165372BB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37DB7389-8FF9-4E94-BD94-9685E6AADAEE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "162FE448-69CA-45B7-A902-A5F3A9966D8A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6C9636B-D48A-4836-9679-A6E197FB35CB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CBC2237-25F5-4526-BB42-74D7CC5997E1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E9B1DC9-F22F-41BC-B6C9-4685875F8045"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B50FAD1F-069A-48FD-9A8A-F8119AAB7A92"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77305FCA-01E4-4737-970A-07C45396A976"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "278587DC-3427-4427-9268-61EA751ACD33"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4613100D-8070-46FA-8BBF-7A400CDF3418"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5373CACA-8948-446C-A21F-324A4A8D57E6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B08D2BA9-80F9-4CC7-8388-620414472A77"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CAB6666-011E-41B9-8996-896CC3D9D499"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17ABFA96-BFA3-4C38-9CFB-08BF643A70CC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A73010A1-5692-49AD-9D64-F8AD988A77A2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C98991F0-404C-499D-8BE7-07A628D318EC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADF55ABA-EA8E-4F11-BCF2-CB560E5AEB0B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "141AF70C-0AAD-45DC-AF01-FFD86D8D768C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "621FD0A9-C3AA-4114-961E-3B3F587CA3DE"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "204C0EAC-B3B2-4784-9817-B33438E53663"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A273D433-B63F-4BF5-8831-428E8E083F7F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01F19980-C76C-412F-9EA7-08F71D947F0F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60E4BFC5-CF3C-480D-8EA7-CAC96060C406"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C456A948-C87A-4537-80A9-649BF593B3BF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8094CD70-C955-4E1C-A0D3-B9166E24AB34"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A499B3BF-7A08-4BB9-BA54-B16030F24E4E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A3779FD-5E52-4CD4-AE0B-62E9B315AE1B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1912BFE3-060C-4C53-ACAB-1A2B04566872"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8051030A-B35F-483D-9D9F-40FE971C840F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A90BFE2-578C-40E4-8A52-B8482E53B549"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6935C831-2C4B-4E96-855A-F91C3FDE0749"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59034A1D-ECE9-4A1A-ADC6-1FB37AE29D16"
          },
          {
            "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "814D1A05-F245-4AD1-8429-D7577F4F61BA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References
